Survey: Almost half of Irish businesses would hide data breach from customers

Ward Solutions has revealed the results of a new survey that found almost half (46%) of Irish businesses wouldn’t disclose a data security breach to impacted third parties, including customers and suppliers. This is despite 33% of Irish businesses admitting that they have suffered a data breach in the past 12 months.

The findings of the 2016 Ward Solutions Information Security Report show that organisations lack transparency when it comes to reporting security incidents that concern third parties and are under-prepared to tackle them when they occur. The survey was carried out among 133 senior IT professionals and decision makers in Ireland.

More than one-quarter (26%) of respondents admitted that they have no official crisis management plan to deal with potential data breaches. A further 33% indicated that their organisation does not have a policy in place to conform to the new Privacy Shield legislation. 32% feel that their board of directors does not understand the potential security threats to their business. In addition, 42% of IT professionals believe their business growth is being hindered by IT security concerns and precautions.

The survey also found that while 63% of businesses expect to spend more on their IT security in the next 12 months, a considerable number of Irish IT leaders are unsure about the location of their critical data and who is handling it. Almost one-quarter (23%) don’t have policies or controls in place when it comes to third-party access to data. As a result, some 18% of respondents admitted that they don’t know where, or by whom, data handled by third parties in the supply chain is held.

In fact, respondents also had their doubts about the trustworthiness or expert knowledge of the people handling their data – including their own staff and also employees on the supply chain – 10% said that they are not at all confident in them. Despite this, a worrying 28% said they audit for compliance in data handling policies less than once per year, with 14% admitting they don’t audit data handling at all.

Pat Larkin, CEO, Ward Solutions, said: “It is crucial for all Irish businesses to know exactly where their data is at all times and who is handling it. A lack of that knowledge puts organisations, and their customers, at greater risk of being attacked. It’s a major concern that almost half of Irish companies would not inform their customers, partners or suppliers that their information has been compromised through a data breach.

“There’s a worrying trend that cybercrime is being under-reported in Ireland. Customers place their trust in the companies they deal with and it is every business’s obligation to be transparent with those customers and inform them of any risk to their data. However, we do expect that more robust compliance obligations will drive reporting levels up in the near future.”

Also revealed in the survey were the figures demanded by hackers in ransomware incidents. Two-thirds of those who have been held to ransom said the ransom demand they faced was less than €1,000. This indicates a growing trend amongst cyber criminals to demand smaller fees that are more likely to be paid – especially by smaller enterprises. However, 58% of companies surveyed said they wouldn’t pay a ransom, no matter what the demand.

“Data breaches and ransomware attacks are continuing to grow at pace in Ireland. They often lead to significant brand and financial damage through poor handling of the situation. A data compromise requires a quick, controlled response from the entire business. It’s essential that Irish organisations put comprehensive crisis management plans and systems in place to remain protected and ensure survival in the event of an attack,” concluded Pat Larkin.

The full version of Ward Solutions’ 2016 Information Security Report can be downloaded here.